CVE-2019-3735
Description
Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.034
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-3735,CVE-2020-5316 are affected in Dell SupportAssist 2.2 | Windows |
| Vulnerabilities CVE-2019-3735,CVE-2020-5316 are affected in Dell SupportAssist 2.2.1 | Windows |
| Vulnerabilities CVE-2019-3735,CVE-2020-5316 are affected in Dell SupportAssist 2.2.2 | Windows |
| Vulnerabilities CVE-2019-3735,CVE-2020-5316 are affected in Dell SupportAssist 2.2.3 | Windows |
| Vulnerabilities CVE-2019-3735,CVE-2020-5316 are affected in Dell SupportAssist 3.0 | Windows |
| Vulnerabilities CVE-2019-3735,CVE-2020-5316 are affected in Dell SupportAssist 3.0.1 | Windows |
| Vulnerabilities CVE-2019-3735,CVE-2020-5316 are affected in Dell SupportAssist 3.0.2 | Windows |
| Vulnerabilities CVE-2019-3735,CVE-2020-5316 are affected in Dell SupportAssist 3.1 | Windows |
| Vulnerabilities CVE-2019-3735,CVE-2020-5316 are affected in Dell SupportAssist 3.2 | Windows |
| Vulnerabilities CVE-2019-3735,CVE-2020-5316 are affected in Dell SupportAssist 3.2.1 | Windows |
| Improper Privilege Management Vulnerability (CVE-2019-3735) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234